Frequent ExchSrvr restarts needed for remote users

Hello all –
I have a mob of disenchanted users about to lynch me because of a problem
that I cannot get to the bottom of. I recently migrated Exchange 5.5 to 2K3,
consolidating three sites in the process. Now we have one Exchange Server at
headquarters that hosts all mailboxes and public folders. The problem is
with the users at the remote sites. Approximately every three business
days, I have to restart the Exch Srvr, because over the space of a few hours,
many users at the remote sites are unable to connect to it. (“Trying to
connect..” in the Outlook status bar). Only a restart of the Exch Srvr fixes
the problem -- not a restart of the Outlook clients, nor of the PCs
themselves. Additionally, users local to the Exch Srvr (same lan) are not
affected. I would suspect a WAN bandwidth problem, but no other applications
are affected.
All users connect with Outlook 2K3 in cache-mode. Since there is presumably
a lot more traffic being generated (cache mode or not) between our WAN sites,
I’ve also had to look at the routers and firewalls involved. But for the
sake of approaching this as an Exchange problem as opposed to a Cisco
problem, can I ask if anyone knows anything about Exchange that might explain
this behaviour? Has anyone seen a case where the routers and firewalls have
been especially burdened in an Exchange Server 2003 consolidated site
configuration? Maybe with excessive tcp connections that do not time out?
(although this and other cisco troubleshooting measures have revealed
nothing).
If Exchange Server is the problem, it is as though it is accumulating
traffic statistics pertaining to slower-link clients, and never clearing it
out. Even if it is a Cisco problem, maybe some Exchange admins have run into
this before in cases of consolidated sites.
Thank you in advance for any ideas.

I can't see how it would be an Exchange problem since Exchange shouldn't
have any idea that such connections cross routers.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

This is an issue with Windows 2003 SP1. SP1 has improved security for RPC.
These communications are lost while travelling through the VPN on the remote
site. I had the same problem with my Exchange server; I have uninstalled SP1
from my Exchange and domain controllers. It's working well. Don't ever apply
SP1 or any SPs without fully confirming it. But you blindly apply security
patches and hot fixes. Please do this; it will fix all your problems. You
might have them with RDP access also, and with many other RPC-dependent
programs. Thanks and regards, Manoj from Muscat

On Tue, 13 Sep 2005 23:40:04 -0700, "Manoj Oommen Muscat 99206988"
<ManojOommenMuscat99206988@discussions.microsoft.com> wrote:
>This is an issue with Windows 2003 SP1. SP1 has improved security for RPC.
>These communications are lost while travelling through the VPN on the remote
>site. I had the same problem with my Exchange server; I have uninstalled SP1
>from my Exchange and domain controllers. It's working well. Don't ever apply
>SP1 or any SPs without fully confirming it. But you blindly apply security
>patches and hot fixes. Please do this; it will fix all your problems. You
>might have them with RDP access also, and with many other RPC-dependent
>programs. Thanks and regards, Manoj from Muscat
If anything, it *might* be an issue with ms05-19.
http://support.microsoft.com/kb/898060/
I don't necessarily recommend that someone uninstall SP1.

"Manoj Oommen Muscat 99206988"
<ManojOommenMuscat99206988@discussions.microsoft.com> wrote:
>This is an issue with windows 2003 sp1. sp1 has improved security for rpc.
Phooey. We run W2K3 SP1 on Exchange servers and have no problems
related to "improved rpc security".
We've had problems with VPN's (they all add bits to the packet headers
that sometimes cause the packet to be fragmented). We've had problems
with DSL routers (especially with VPNs). We've had problems with
Kerberos (the UDP packet becomes too large). None of those were
related to the application of SP1. But we haven't had problems with
"rpc security" and Outlook clients with W2K3 SP1.
>These communications are lost while travelling through the VPN on the remote site. I
>had the same problem with my Exchange server; I have uninstalled SP1 from
>my Exchange and domain controllers. It's working well.
Then you've got a problem with the tcpip.sys module. SP1 includes the
same broken code as the original MS05-019 security fix.
Install the hotfix described in this KB article:
http://support.microsoft.com/kb/898060/
>Don't ever apply SP1 or any
>SPs without fully confirming it.
That's good advice, but it's not new advice. :)
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com

Thank you all for your responses. The RPC/SP1 argument is enticing, but I
forgot to mention that OWA is also crippled at the remote facilities. KB
898060 is also interesting, but the symptoms don't quite match. During the
problem intervals, I can RDC a computer at the remote site, and from that PC,
RDC back to headquarters, all with no delays. Pings are also fine. We did
recently tweak the Lsa/Kerberos registry settings, which helped our DC
replication problems, but didn't do much on the client ends. Re: MTUs, I
unfortunately cannot adjust those on the routers I have (Pix firewalls yes,
3640's, 2610's no) -- also related to the excess VPN baggage point, I can
mention that I also have GRE tunnels in place, which add their own headers to
the IPSEC headers. If something particular to Microsoft Exchange is
especially sensitive to packet fragmentation, I'd be thrilled to see some
confirmation of this.
This is a tough problem in that only one application -- Exchange/Outlook --
is affected at the remote sites. And once it goes down, it doesn't come
back. If something related to RPC security is involved, and it addresses
individual client/host connections to the server, then a PC that is kept off
at a remote site should have no problems connecting with Outlook if it is
fired up after all the other PCs have gone south -- something to add to the
list of things to try the next time this happens.

"Worfman" <Worfman@discussions.microsoft.com> wrote:
>Thank you all for your responses. The RPC/SP1 argument is enticing, but I
>forgot to mention that OWA is also crippled at the remote facilities. KB
>898060 is also interesting, but the symptoms don't quite match.
I'm sure they don't. But you can apply the hotfix and see if it fixes
the problem. It sure fixed ours, and the problems aren't limited to
just Outlook and Exchange. We had serious problems with LCS, too.
They're all gone.
>During the
>problem intervals, I can RDC a computer at the remote site, and from that PC,
>RDC back to headquarters, all with no delays.
Yup. So could we.
>Pings are also fine.
Ping is of limited use. It tells you that you're able to establish a
connection. But the protocols are different to what applications use.
You can successfully ping a crashed Windows server, too -- not that it
does you much good. :)
>We did
>recently tweak the Lsa/Kerberos registry settings, which helped our DC
>replication problems, but didn't do much on the client ends.
That doesn't tell us much. What did you change?
>Re: MTUs, I
>unfortunately cannot adjust those on the routers I have (Pix firewalls yes,
>3640's, 2610's no) --
You can still reduce the MTU size at the client and server. But I'd go
for the tcpip.sys update first.
>also related to the excess VPN baggage point, I can
>mention that I also have GRE tunnels in place, which add their own headers to
>the IPSEC headers. If something particular to Microsoft Exchange is
>especially sensitive to packet fragmentation, I'd be thrilled to see some
>confirmation of this.
Exchange isn't, but not every router you encounter deals with
fragmented packets correctly. Unless you have a private line between
the two endpoints you don't know who you're dealing with.
>This is a tough problem in that only one application -- Exchange/Outlook --
>is affected at the remote sites.
How many others use client/server and RPC's? RPC's are sensitive to
latency and timeouts. NBT isn't (or at least it's a lot less so).
>And once it goes down, it doesn't come
>back.
What happens if you disable and then re-enable the NIC? At either
side, but especially at the server.
>If something related to RPC security is involved, and it addresses
>individual client/host connections to the server, then a PC that is kept off
>at a remote site should have no problems connecting with Outlook if it is
>fired up after all the other PCs have gone south -- something to add to the
>list of things to try the next time this happens.
I think you've fastened on to the "security" thing because it's
something new. I think it's a red herring. But, it's your system and
network. You're responsible for its operation.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com

I feel the need to chime in here as I too am dealing with this specific issue
and have the lynch mob at my door. In the last 2-4 months we have begun a
widespread rollout of Exchange 2003 upgrades (from 2000) and Cisco VPN router
deployments (from Watchguard Firebox II/III units).
It seems shortly after receiving their Cisco 1841 Advanced Security router,
a host of sporadic connectivity problems specific to Outlook (trying to
connect...), Exchange IM (won't log in, user does not receive a complete list
of contacts) and internal IIS sites with "Integrated Windows Authentication"
(regular site navigation shows intermittent "hangs" where IE continues to
wait for a response) come out of the woodwork for clients accessing these
services over the VPN tunnel.
Our team already has escalated cases with both Microsoft and Cisco to work
this ongoing issue. We too were hit with MS05-19 that completely broke AD
replication over VPN. The short term fix was to apply a manual MTU setting
of 1372 to all domain controllers and Exchange servers across the Enterprise.
We are still cleaning up this setting.
Here are a few notes on my progress:
- We are NOT running 2003 SP1 on any systems.
- We have applied the MS05-19 FIXED hotfix to some clients and servers
(Exchange and DC's) and removed the forced 1372 MTU, but issues persist.
- I have forced Kerberos to use TCP on several clients with no noticeable
improvements.
- Forcing Outlook to use "NTLM authentication only" seemed to help briefly,
but problems returned.
- 99% of our remote Outlook clients are in cached-mode. Connectivity
problems are not as apparent in non-cached mode but we have not fully tested
this theory.
- We are forcing an MTU of 1300 on the Cisco VPN routers. I have adjusted
this value repeatedly and removed it completely with no change.
I am leaning toward a Cisco cause/solution but there are a lot of variables
to contend with. Our open cases and repeated network captures have not
revealed a definitive cause. Today, our case with Microsoft involved
captures between the Outlook client and Exchange server and revealed this:
<begin quote>
Observing right above the first bind in the trace: From the client-side we
see:
TCP - Syn (Client->Exchange)
TCP - Ack-Syn (Exchange->Client)
TCP - Ack (Client->Exchange)
RPC - Bind UUID A4 . . .
RPC - Bind UUID A4 . . .
RPC - Bind UUID A4 . . .
This appears to be a successful TCP session but the Binds don't receive a
response.
On the server side we see an entirely different story:
TCP - Syn (Client->Exchange)
TCP - Ack-Syn (Exchange->Client)
TCP - Reset (Client->Exchange)
NO RPC Bind at all
Something between the Client and the server is intercepting (or Modifying)
the last Ack Packet and replacing it with a Reset. After this occurs, the
Routers/Firewalls probably think the packet is out of state and drop the
subsequent bind attempts.
<end quote>
This all sounds like fragmentation to me but if Kerberos and/or RPC wants to
use large packets that cannot be fragmented after adding IPsec headers, how
do you get them over a VPN tunnel at all?
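
The capture comparison quoted in the post above can be automated. The following is an added example, not part of the original thread: it pairs each flow from a client-side and a server-side capture and flags connections where the server saw a reset that the client never sent. The addresses, ports and segment summaries are constructed, and it assumes no NAT between the two capture points.

```python
from collections import defaultdict, namedtuple

# One summarized TCP segment as seen at a capture point. `flags` uses the usual
# letters (S, A, R, P); `note` holds the decoded upper-layer label, if any.
Seg = namedtuple("Seg", "src sport dst dport flags note", defaults=("",))

CLIENT, SERVER = "192.0.2.10", "198.51.100.5"  # constructed addresses
PORT = 135                                      # assumed RPC port for the sample


def handshake(cport, third):
    """SYN, SYN-ACK, then the third segment this vantage point recorded."""
    return [Seg(CLIENT, cport, SERVER, PORT, "S"),
            Seg(SERVER, PORT, CLIENT, cport, "SA"),
            Seg(CLIENT, cport, SERVER, PORT, third)]


def bind(cport):
    return Seg(CLIENT, cport, SERVER, PORT, "PA", "RPC Bind")


BIND_ACK = Seg(SERVER, PORT, CLIENT, 3302, "PA", "RPC Bind Ack")

# Constructed captures. Flow 3301 reproduces the two views quoted in the post;
# flow 3302 is a healthy connection for contrast.
CLIENT_SIDE = (handshake(3301, "A") + [bind(3301)] * 3 +
               handshake(3302, "A") + [bind(3302), BIND_ACK])
SERVER_SIDE = (handshake(3301, "R") +
               handshake(3302, "A") + [bind(3302), BIND_ACK])


def flow_id(seg):
    """Direction-independent key so both halves of a connection group together."""
    return tuple(sorted([(seg.src, seg.sport), (seg.dst, seg.dport)]))


def group(capture):
    flows = defaultdict(list)
    for seg in capture:
        flows[flow_id(seg)].append(seg)
    return flows


def compare_flow(client_view, server_view):
    """Compare what the opener sent with what arrived at the other end."""
    syn = next((s for s in client_view if s.flags == "S"), None)
    if syn is None:
        return {"verdict": "no-syn-in-client-capture"}
    opener = (syn.src, syn.sport)
    sent = [s for s in client_view if (s.src, s.sport) == opener]
    arrived = [s for s in server_view if (s.src, s.sport) == opener]
    sent_rst = any("R" in s.flags for s in sent)
    seen_rst = any("R" in s.flags for s in arrived)
    sent_data = sum(1 for s in sent if s.note)
    seen_data = sum(1 for s in arrived if s.note)
    if seen_rst and not sent_rst:
        # The reset carries the client's address but the client never sent it:
        # a device in the path generated or rewrote it.
        verdict = "rst-not-sent-by-client"
    elif seen_data < sent_data:
        verdict = "data-lost-in-path"
    else:
        verdict = "consistent"
    return {"opener": opener, "verdict": verdict,
            "client_sent_data": sent_data, "server_saw_data": seen_data}


def compare_captures(client_cap, server_cap):
    server_flows = group(server_cap)
    return {fid: compare_flow(view, server_flows.get(fid, []))
            for fid, view in group(client_cap).items()}


if __name__ == "__main__":
    for fid, result in compare_captures(CLIENT_SIDE, SERVER_SIDE).items():
        print(fid, result)
```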

I haven't digested the situation presented by JM, but wanted to thank Rich M
for his valuable comments. Regarding the Lsa/Kerberos settings, what we
edited was the Local computer/system/current controlset/control/lsa/
Kerberos/parameters/maxpacketsize setting to 1300 decimal on all hosts. This
helped server replication, but not the current issue. In any case, I'm going
to apply the KB898060 hotfix tonight, and will let you know how it goes.
Thanks again.

"Worfman" <Worfman@discussions.microsoft.com> wrote:
>I haven't digested the situation presented by JM, but wanted to thank Rich M
>for his valuable comments. Regarding the Lsa/Kerberos settings, what we
>edited was the Local computer/system/current controlset/control/lsa/
>Kerberos/parameters/maxpacketsize setting to 1300 decimal on all hosts.
Set it to "1" and force Kerberos to use TCP. :)
>This
>helped server replication, but not the current issue.
What it will help is users trying to authenticate. If they have a
problem with that, and you switch the Outlook security to use NTLM
instead of Kerberos they should be able to authenticate.
Unfortunately, there's no way to have Windows Messenger do that. :(
>In any case, I'm going
>to apply the KB898060 hotfix tonight, and will let you know how it goes.
The worst that can happen is you'll have to remove the hotfix. The
next worse is that it won't fix your problem. :)
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com

Worfman,
I'm not sure if you've had any success with your issue but I wanted to post
an update with my findings. Long story short, this ended up being a Cisco
issue with CBAC (IP inspection) on our 1841 VPN routers -- see bug ID
CSCsb39237.
I don't have the full nitty-gritty details but in a nutshell the router was
not properly terminating closed connections. With the nature of cached-mode
syncing, connections are continually opened and closed to the Exchange server
hundreds if not thousands of times per day. The more connections that were
opened, the more there were that didn't get closed properly. Eventually the
router would start sending out TCP RST packets in an attempt to get
connections to close but still would not flush them out of its internal
database. This may explain why non cached-mode clients aren't affected (as
much), since they maintain a connection once established.
This bug is relatively new but likely affects anyone running CBAC/IP
Inspection. I have received a new IOS from Cisco that I will be testing
tonight. If you're using CBAC, you can verify this problem by doing a "show
ip inspect statistics". If it's the cause, you'll see an unusually high "Last
half-open sessions total" (around 5000 or more) and have a message at the
bottom that says "Half-open session count or session creation rate exceeded".
You can then run some debugs on CBAC and verify it's throwing out TCP resets
(tcp flag 0x4) all over the place. Restarting the router temporarily
resolves the issue until the connection count goes over 500 (or whatever you
set the max to).
I'm applying the new IOS to one site tonight with high hopes I can put this
issue to rest. Let me know if you have any luck with your mob.
"JM" wrote:
> I feel the need to chime in here as I too am dealing with this specific issue
> and have the lynch mob at my door. In the last 2-4 months we have begun a
> widespread rollout of Exchange 2003 upgrades (from 2000) and Cisco VPN router
> deployments (from Watchguard Firebox II/III units).
>
> It seems shortly after receiving their Cisco 1841 Advanced Security router,
> a host of sporadic connectivity problems specific to Outlook (trying to
> connect...), Exchange IM (won't log in, user does not receive a complete list
> of contacts) and internal IIS sites with "Integrated Windows Authentication"
> (regular site navigation shows intermittent "hangs" where IE continues to
> wait for a response) come out of the woodwork for clients accessing these
> services over the VPN tunnel.
>
> Our team already has escalated cases with both Microsoft and Cisco to work
> this ongoing issue. We too were hit with MS05-19 that completely broke AD
> replication over VPN. The short term fix was to apply a manual MTU setting
> of 1372 to all domain controllers and Exchange servers across the Enterprise.
> We are still cleaning up this setting.
>
> Here are a few notes on my progress:
>
> - We are NOT running 2003 SP1 on any systems.
> - We have applied the MS05-19 FIXED hotfix to some clients and servers
> (Exchange and DC's) and removed the forced 1372 MTU, but issues persist.
> - I have forced Kerberos to use TCP on several clients with no noticeable
> improvements.
> - Forcing Outlook to use "NTLM authentication only" seemed to help briefly,
> but problems returned.
> - 99% of our remote Outlook clients are in cached-mode. Connectivity
> problems are not as apparent in non-cached mode but we have not fully tested
> this theory.
> - We are forcing an MTU of 1300 on the Cisco VPN routers. I have adjusted
> this value repeatedly and removed it completely with no change.
>
> I am leaning toward a Cisco cause/solution but there are a lot of variables
> to contend with. Our open cases and repeated network captures have not
> revealed a definitive cause. Today, our case with Microsoft involved
> captures between the Outlook client and Exchange server and revealed this:
>
> <begin quote>
> Observing right above the first bind in the trace: From the client-side we
> see:
>
> TCP - Syn (Client->Exchange)
> TCP - Ack-Syn (Exchange->Client)
> TCP - Ack (Client->Exchange)
> RPC - Bind UUID A4 . . .
> RPC - Bind UUID A4 . . .
> RPC - Bind UUID A4 . . .
>
> This appears to be a successful TCP session but the Binds don't receive a
> response.
>
> On the server side we see an entirely different story:
>
> TCP - Syn (Client->Exchange)
> TCP - Ack-Syn (Exchange->Client)
> TCP - Reset (Client->Exchange)
> NO RPC Bind at all
>
> Something between the Client and the server is intercepting (or Modifying)
> the last Ack Packet and replacing it with a Reset. After this occurs, the
> Routers/Firewalls probably think the packet is out of state and drop the
> subsequent bind attempts.
> <end quote>
>
> This all sounds like fragmentation to me but if Kerberos and/or RPC wants to
> use large packets that cannot be fragmented after adding IPsec headers, how
> do you get them over a VPN tunnel at all?
>
>
> "Worfman" wrote:
>
> > Hello all –
> >
> > I have a mob of disenchanted users about to lynch me because of a problem
> > that I cannot get to the bottom of. I recently migrated Exchange 5.5 to 2K3,
> > consolidating three sites in the process. Now we have one Exchange Server at
> > headquarters that hosts all mailboxes and public folders. The problem is
> > with the users at the remote sites. Approximately every three business
> > days, I have to restart the Exch Srvr, because over the space of a few hours,
> > many users at the remote sites are unable to connect to it. (“Trying to
> > connect..” in the Outlook status bar). Only a restart of the Exch Srvr fixes
> > the problem -- not a restart of the Outlook clients, nor of the PCs
> > themselves. Additionally, users local to the Exch Srvr (same lan) are not
> > affected. I would suspect a WAN bandwidth problem, but no other applications
> > are affected.
> >
> > All users connect with Outlook 2K3 in cache-mode. Since there is presumably
> > a lot more traffic being generated (cache mode or not) between our WAN sites,
> > I’ve also had to look at the routers and firewalls involved. But for the
> > sake of approaching this as an Exchange problem as opposed to a Cisco
> > problem, can I ask if anyone knows anything about Exchange that might explain
> > this behaviour? Has anyone seen a case where the routers and firewalls have
> > been especially burdened in an Exchange Server 2003 consolidated site
> > configuration? Maybe with excessive tcp connections that do not time out?
> > (although this and other cisco troubleshooting measures have revealed
> > nothing).
> >
> > If Exchange Server is the problem, it is as though it is accumulating
> > traffic statistics pertaining to slower-link clients, and never clearing it
> > out. Even if it is a Cisco problem, maybe some Exchange admins have run into
> > this before in cases of consolidated sites.
> >
> > Thank you in advance for any ideas.
> >
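
The comparison in the quoted Microsoft analysis above (the client capture shows its ACK leaving, the server capture shows a Reset arriving) can be automated across many flows. This is an added example, not part of the original thread: the record format, addresses and ports are constructed, and it assumes both capture points see the same 4-tuple (no NAT between them).

```python
from collections import defaultdict

# Constructed sample records modelled on the trace quoted in the thread.
# Record = (flow, direction, kind); addresses and ports are placeholders.
WAN = "192.0.2.20:3051>198.51.100.5:135"     # remote-site Outlook client
LAN = "198.51.100.77:2044>198.51.100.5:135"  # client on the server's LAN

CLIENT_SIDE = [  # merged captures taken at the clients
    (WAN, "c2s", "SYN"), (WAN, "s2c", "SYN-ACK"), (WAN, "c2s", "ACK"),
    (WAN, "c2s", "RPC-BIND"), (WAN, "c2s", "RPC-BIND"), (WAN, "c2s", "RPC-BIND"),
    (LAN, "c2s", "SYN"), (LAN, "s2c", "SYN-ACK"), (LAN, "c2s", "ACK"),
    (LAN, "c2s", "RPC-BIND"), (LAN, "s2c", "RPC-BIND-ACK"),
]
SERVER_SIDE = [  # capture taken at the Exchange server
    (WAN, "c2s", "SYN"), (WAN, "s2c", "SYN-ACK"), (WAN, "c2s", "RST"),
    (LAN, "c2s", "SYN"), (LAN, "s2c", "SYN-ACK"), (LAN, "c2s", "ACK"),
    (LAN, "c2s", "RPC-BIND"), (LAN, "s2c", "RPC-BIND-ACK"),
]

def by_flow(capture):
    flows = defaultdict(list)
    for flow, direction, kind in capture:
        flows[flow].append((direction, kind))
    return flows

def handshake_reply(packets):
    """First client->server packet kind seen after the server's SYN-ACK."""
    seen_synack = False
    for direction, kind in packets:
        if direction == "s2c" and kind == "SYN-ACK":
            seen_synack = True
        elif seen_synack and direction == "c2s":
            return kind
    return None

def unanswered_binds(packets):
    binds = sum(1 for d, k in packets if (d, k) == ("c2s", "RPC-BIND"))
    acks = sum(1 for d, k in packets if (d, k) == ("s2c", "RPC-BIND-ACK"))
    return max(binds - acks, 0)

def diagnose(client_cap, server_cap):
    """Map each flow to (verdict, unanswered bind count seen by the client)."""
    client, server = by_flow(client_cap), by_flow(server_cap)
    report = {}
    for flow, packets in client.items():
        sent = handshake_reply(packets)
        received = handshake_reply(server.get(flow, []))
        if sent == received == "ACK":
            verdict = "handshake consistent"
        elif sent == "ACK" and received == "RST":
            verdict = "ACK sent, RST received: altered in path"
        elif sent == "ACK" and received is None:
            verdict = "ACK sent, nothing received: dropped in path"
        else:
            verdict = f"client sent {sent}, server saw {received}"
        report[flow] = (verdict, unanswered_binds(packets))
    return report

if __name__ == "__main__":
    for flow, result in diagnose(CLIENT_SIDE, SERVER_SIDE).items():
        print(flow, result)
```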
